<?php
    
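    // Login endpoint. Reads a JSON request body (getdata / username / password) and
    // answers with one JSON object {state, msg, ...}:
    //   - getdata === "loginstate": report whether the logonstate cookie maps to a session row;
    //   - otherwise: verify the credentials and, on success, create a session row and cookie.
    //
    // NOTE(review): the body is JSON but the declared type is kept as text/html because
    // existing clients may depend on that header. Every response is therefore encoded with
    // the JSON_HEX_* flags, so echoed values cannot form markup if the body is rendered as HTML.
    header("Content-Type:text/html;charset=utf-8");
    date_default_timezone_set('PRC');
    require ('config.php'); // presumably defines the mysqli handle $conn used below - confirm

    $jsonFlags = JSON_UNESCAPED_UNICODE | JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

    // Emits one JSON response object.
    $reply = static function (array $payload) use ($jsonFlags) {
        echo json_encode($payload, $jsonFlags);
    };

    // Accepts only string/integer JSON values for credentials; arrays, objects and
    // booleans are treated as "missing" instead of reaching strlen() or the database.
    $asText = static function ($value) {
        return (is_string($value) || is_int($value)) ? (string) $value : null;
    };

    $body = json_decode(file_get_contents('php://input'), true);
    $bodyOk = json_last_error() === JSON_ERROR_NONE && is_array($body);
    $getdata = $bodyOk ? ($body['getdata'] ?? null) : null;
    $isStateQuery = ($getdata === 'loginstate');

    // Always defined, so no "undefined variable" warning can leak into the JSON output.
    $username = null;
    $password = null;
    if ($bodyOk && !$isStateQuery) {
        $username = $asText($body['username'] ?? null);
        $password = $asText($body['password'] ?? null);
    }

    // Resolve the cookie against the loginstate table. The mere presence of a cookie
    // and a client-supplied username prove nothing; only a stored session row does.
    // NOTE(review): no server-side expiry or revocation is checked here; if sessions
    // are invalidated elsewhere (logout, ban), add that condition to this query.
    $session = null;
    $token = $_COOKIE['logonstate'] ?? null;
    if (is_string($token) && $token !== '') {
        $stmt = mysqli_prepare($conn, 'SELECT username,qqnum FROM loginstate WHERE lid = ? LIMIT 1');
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 's', $token);
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_bind_result($stmt, $sessionUser, $sessionQq);
                if (mysqli_stmt_fetch($stmt)) {
                    $session = ['username' => $sessionUser, 'qqnum' => $sessionQq];
                }
            }
            mysqli_stmt_close($stmt);
        }
    }

    if ($session !== null) {
        // Identity comes from the session row, never from the request body.
        $reply([
            'state' => '200',
            'username' => $session['username'],
            'qqnum' => $session['qqnum'],
            'msg' => '' . $session['username'] . ',你已登录账号！',
        ]);
        exit();
    } elseif ($isStateQuery) {
        $reply(['state' => '400', 'msg' => '未登录账号！']);
        exit();
    }

    // Credential check. Only the lower length bounds are enforced, as before.
    // NOTE(review): nothing here limits repeated failed attempts per account or address.
    if (!$username or !$password) {
        $reply(['state' => '400', 'msg' => '所有输入框都是必填项，请填写完整！']);
    } elseif (strlen($username) < 2) {
        $reply(['state' => '400', 'msg' => '输入的用户名不合法（2~10位）']);
    } elseif (strlen($password) < 6) {
        $reply(['state' => '400', 'msg' => '输入的密码不符合规定（6~15位）']);
    } else {
        // Bound parameters with "=" replace the interpolated LIKE comparisons: request
        // values can no longer alter the statement, and % / _ in the input are no longer
        // treated as wildcards when matching the login name or the password.
        // NOTE(review): the password column is compared as stored, i.e. passwords appear
        // to be kept in plaintext; migrate to password_hash()/password_verify().
        $lookups = [
            'SELECT username,qqnum,stat,ints,uid FROM users WHERE username = ? AND password = ? LIMIT 1',
            'SELECT username,qqnum,stat,ints,uid FROM users WHERE qqnum = ? AND password = ? LIMIT 1',
        ];
        $user = null;
        $dbError = false;
        // Same precedence as before: match by username first, then fall back to qqnum.
        foreach ($lookups as $lookupSql) {
            $stmt = mysqli_prepare($conn, $lookupSql);
            if (!$stmt) {
                $dbError = true;
                break;
            }
            mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
            if (!mysqli_stmt_execute($stmt)) {
                $dbError = true;
                mysqli_stmt_close($stmt);
                break;
            }
            mysqli_stmt_bind_result($stmt, $rowUser, $rowQq, $rowStat, $rowInts, $rowUid);
            if (mysqli_stmt_fetch($stmt)) {
                $user = [
                    'username' => $rowUser,
                    'qqnum' => $rowQq,
                    'stat' => $rowStat,
                    'ints' => $rowInts,
                    'uid' => $rowUid,
                ];
            }
            mysqli_stmt_close($stmt);
            if ($user !== null) {
                break;
            }
        }

        if ($dbError) {
            // A failed query is reported as a server error, not as wrong credentials.
            $reply(['state' => '400', 'msg' => '请求时发生未知错误，请联系管理员解决！']);
        } elseif ($user === null) {
            $reply(['state' => '400', 'msg' => '用户名或密码错误！']);
        } else {
            $state = $user['stat'];
            if ($state == 0) {
                $reply(['state' => '400', 'msg' => '用户已被永久封禁！']);
            } elseif ($state == 1) {
                $reply(['state' => '400', 'msg' => '用户已被限制登录！']);
            } else {
                $logonstate = bin2hex(random_bytes(32));
                $logintime = date("Y-m-d H:i");
                $ips = (string) ($_SERVER["REMOTE_ADDR"] ?? '');

                // Cast to string so a NULL column is stored as '' exactly as the old
                // interpolated statement did; values are bound, so stored usernames
                // cannot alter the INSERT either.
                $username = (string) $user['username'];
                $qqnum = (string) $user['qqnum'];
                $ints = (string) $user['ints'];
                $uid = (string) $user['uid'];
                $stateText = (string) $state;

                $stored = false;
                $stmt = mysqli_prepare(
                    $conn,
                    'INSERT INTO loginstate (lid,uid,username,qqnum,ints,logintime,state,ipadd) VALUES (?,?,?,?,?,?,?,?)'
                );
                if ($stmt) {
                    mysqli_stmt_bind_param(
                        $stmt,
                        'ssssssss',
                        $logonstate,
                        $uid,
                        $username,
                        $qqnum,
                        $ints,
                        $logintime,
                        $stateText,
                        $ips
                    );
                    $stored = mysqli_stmt_execute($stmt);
                    mysqli_stmt_close($stmt);
                }

                if ($stored) {
                    // The cookie is issued only once the session row exists.
                    // HttpOnly keeps the token away from page scripts; Secure is set when
                    // the request itself arrived over HTTPS.
                    // NOTE(review): assumes front-end scripts do not read this cookie (the
                    // token is also returned in the JSON body) - confirm. SameSite is not
                    // set because the options-array form of setcookie() needs PHP 7.3+.
                    $overHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                    setcookie("logonstate", $logonstate, time() + 3600 * 24 * 5, '/', '', $overHttps, true);
                    $reply([
                        'state' => '200',
                        'msg' => '登录成功，欢迎回来！',
                        'username' => $username,
                        'logonstate' => $logonstate,
                    ]);
                } else {
                    $reply(['state' => '400', 'msg' => '请求时发生未知错误，请联系管理员解决！']);
                }
            }
        }
    }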
?>